[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openbsd-pf
Subject:    Re: citrix though the firewall...
From:       Michael Ray <miker () cotse ! com>
Date:       2004-11-24 2:03:27
Message-ID: lul7q054he8lh3i0rigbrem3gm2rglfnlp () 4ax ! com
[Download RAW message or body]

On Mon, 22 Nov 2004 17:17:18 +1300, you wrote:

>HI Folks,
>	 has anyone written a helper application like ftpsesame that will allow
>citrix metaframe to work through a pf firewall?

Citrix did... ;-)  It is called Citrix Secure Gateway(CSG) or their
new name of Citrix Secure Access Manager(CSAM). Basically the server
sits in the DMZ and only communicates on 443 with SSL for external
users and it communicates from the CSG back to the Citrix servers a
number of ways including SSL.
http://www.citrix.com/site/PS/products/product.asp?familyID=%2019&productID=184

>Citrix first talks on port 1494 and negotiates a high numbered port
>which the client then connects back to. 

You are correct, it depends on how you are setup and what servers need
to communicate with external resources. If you require the use of an
"alternate address" configuration you could end up having an inane
range of ports which must be opened. 

What versions of Citrix are you using? Is this strictly for external
users to access the internal applications?

>I am going to be encouraging users to move to RDP but I need a short
>term solution.

There are a number of options depending on what the requirements are. 

Links:
_HUGE_ resource on Citrix with links, white papers, etc
Original web page
http://www.dabcc.com/ThinSol/

New web page (click on Citrix Systems on the left)
http://www.dabcc.com/DABCC/

CSG document
http://support.citrix.com/servlet/KbServlet/download/134-102-7736/Windows_Secure_Gateway_Guide.pdf

Mike
[prev in list] [next in list] [prev in thread] [next in thread]